Samurai XDR Collectors are used to receive and transport telemetry from your security controls, network devices or cloud services to Samurai XDR.
There are two types of collectors:
1. Cloud Collector
- Deployed within the Samurai XDR platform and used to gather any relevant telemetry from cloud native services and/or security controls. For a cloud collector you simply need to complete the relevant integration.
2. Secure Syslog Collector
- Deployed within the Samurai XDR Platform and used to receive Syslog telemetry from your local security controls and devices. This Secure Syslog Collector will only allow you to send Syslog formatted logs that are encapsulated in TLS (Transport Layer Security).
What type of Collector do you require?
This is dependent on the products you want to integrate with Samurai XDR. If they are deployed on your internal network, we need a method to gather telemetry data, in this case a Secure Syslog Collector is required.
If your local security device does not supporting sending Syslog in TLS then we recommend using a forwarding facility in your local network pointing to Samurai XDR.
We do not support sending standard Syslog via UDP directly over the Internet as this is an insecure connection.
For cloud-native services we typically utilize a Cloud Collector deployed within the Samurai XDR to gather telemetry data.
At the end of the day, its based on your device. The integration guide will automatically select the right collector for you!
Next steps:
- Review our Supported Integrations and associated Integration Guides to determine the collector type(s) required. Within each Integration Guide there is a table denoting use of a Secure Syslog or Cloud Collector, alternatively this is displayed in the Samurai XDR application when working through integration.